It seems lately I’m regularly having to dump the information from SSL certificates (for instance to get the “Subject” or CA signer). Since I keep having to look up the exact syntax, I thought it easier to save here and figured it might help others.
So, if in PEM format, use the following:
openssl x509 -text -in cert.pem
If in PKCS#12 format, use this:
openssl pkcs12 -info -in cert.pfx
To dump a CSR (Certificate Signing Request), use this:
openssl req -text -in request.csr
To dump/check a private key:
openssl rsa -text -noout -in key.pem
More can be found here and here.
UPDATE:
You can also pull the publickey side of a certificate from an active website, which can be handy. The output will be in PEM format:
openssl s_client -showcerts -connect somehost.somedomain.com:443 >cert.pem </dev/null
It will give you information about the certificate you just pulled, however you will need to use the above PEM dump example to get things like the serial number.
Leave a Reply